Press Releases

Today, the House Financial Services Committee and the House Energy & Commerce Committee announced a joint effort to advance two landmark data privacy bills, the GUARD Financial Data Act and the SECURE Data Act, to provide Americans more control over their personal data, create a uniform national framework to promote competition, and improve consumer choice by increasing access to financial products and services for all Americans. The bills are aligned in substance and reflect the unique considerations of existing law, the financial sector, and each Committee.

Click HERE for a one-pager on the bills.

Click HERE for a section-by-section on the GUARD Financial Data Act.

Click HERE for the text of the GUARD Financial Data Act.

Click HERE for the text of the SECURE Data Act.

Rep. French Hill (AR-02), Chairman of the House Committee on Financial Services, Rep. Bill Huizenga (MI-04), Vice Chairman of the House Committee on Financial Services, Rep. Andy Barr (KY-06), Chairman, Subcommittee on Financial Institutions, and Rep. Bryan Steil (WI-01), Chairman, Subcommittee on Digital Assets, Financial Technology, and Artificial Intelligence said, "For decades, Americans have entrusted financial institutions to maintain the privacy and security of their financial information. Twenty-six years ago, when the Gramm-Leach-Bliley Act (GLBA) became law, it was written in a technology-neutral fashion that has adapted well to the changes in technology and types of consumer data that have developed since 1999. But, in that time, the volume and complexity of data have increased such that providing consumers greater control over their financial data has become imperative.

“That is why we have introduced the GUARD Financial Data Act to modernize the GLBA. Our bill minimizes data collection and disclosures; allows customers and former customers to request access to their financial data held by a financial institution; allows former customers of a financial institution to request deletion of their data; and requires a financial institution to receive a consumer’s affirmative opt-in consent before sensitive personal information can be disclosed.

“The Financial Services Committee is proud to introduce these commonsense protections in coordination with the Energy and Commerce Committee as part of a unified House Republican effort to ensure Americans' data privacy rights. This effort represents a significant step to strengthen consumer protections and ensure Americans have control over their financial data. We look forward to continuing to work together as these measures progress through the legislative process.”

Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Congress, and Congressman John Joyce, M.D. (PA-13), Leader of the Energy and Commerce Data Privacy Working Group added, “The Energy and Commerce Data Privacy Working Group was created to reset the discussion on comprehensive data privacy, taking wide ranging input from stakeholders and crafting a consensus bill that protects the privacy and security of Americans’ personal data. The SECURE Data Act is the result. This bill establishes clear, enforceable protections so that Americans remain in charge of their own data and companies are held accountable for its safe keeping. We look forward to working with our colleagues to build support for this bill and advance data privacy protections fit for our 21st century economy.”

Key Parts of the GUARD Financial Data Act:

Establishes Title V of the Gramm-Bliley Act (GLBA) as the uniform national standard for consumer data privacy and security protections in the financial services sector:

• The bill contains robust data-level and entity-level preemption to enhance competition, decrease compliance costs, and expand consumers’ choice of financial products and services. 

Strengthens key consumer protections:

• Codifies the continuing right of consumers to opt-out of disclosures of their data and the right of consumers to revoke their consent to collection or disclosure of sensitive data within a framework of necessary existing GLBA Title V exceptions. 
• Ensures consumers receive a more fulsome picture of how their data is being used and how to exercise their data rights by expanding the information consumers receive. 

Ensures a consumer’s sensitive personal data can only be collected or disclosed with the consumer’s consent:

• Sensitive personal data includes race, ethnicity, religion, health info, biometric data, and precise geolocation data. 

Requires financial institutions to minimize data use:  

• Financial institutions can only collect or disclose data that is adequate, relevant, and reasonably necessary for the purpose of the product or service. 

Ensures customers of a financial institution have key rights, including a right to: 

• Request deletion of their data by a financial institution in the case of former customers, subject to necessary exceptions. 
• Request access to and obtain a copy of their data that is possessed by a financial institution, in the case of current and former customers.  
• The financial institution must provide current and former customers with this data in a format that allows them the ability to transfer their data to another financial institution. 

Incentivizes adoption of more secure data access and disclosure methods:

• Requires data aggregators and third parties to provide notice and opt-out before using a consumer’s login credentials to access their account at a financial institution. 

Maintains enforcement by Federal functional regulators and state insurance regulators: 

• Maintains GLBA Title V’s data privacy enforcement authorities of the Consumer Financial Protection Bureau, Commodity Futures Trading Commission (CFTC), Federal Deposit Insurance Corporation (FDIC), Federal Reserve, Federal Trade Commission (FTC), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC), Securities and Exchange Commission (SEC), and state insurance regulators for the financial institutions within their respective jurisdictions. 
• Maintains GLBA Title V’s data security enforcement authorities of the CFTC, FDIC, Federal Reserve, FTC, NCUA, OCC, SEC, and state insurance regulators for the financial institutions within their respective jurisdictions. 

###